Analysis

  • max time kernel: 150s
  • max time network: 149s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03/06/2024, 10:33

General

  • Target: edit.html
  • Size: 248KB
  • MD5: d5b0140632d2c5e962f4943f174e5454
  • SHA1: fd1f3006a54746ae28a46a9c701c72cf468d5a0a
  • SHA256: a5ac5abbf7daeac4f3f88590225b5f384661bef482257d7ca8d4752ffec1174c
  • SHA512: b6575c689fcd3dcd741403fecde3ef66195da888a7a94d2cab01b3b6f6e1fa17190ddaae50bdc38c11fec752c87c0100b18305dbb4d94bc266db7f8a285a10e4
  • SSDEEP: 1536:l+b7wCCg1JtQ7RtNk3092pz2sstVfyGQKFwU66/4GeSlRyefs5/eSENOBjLJpdSB:M6VknBA6PGtCNgWgr

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (10 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\edit.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd4dd946f8,0x7ffd4dd94708,0x7ffd4dd94718
      2⤵
      PID:1148
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      2⤵
      PID:2248
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2344
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
      2⤵
      PID:2984
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      2⤵
      PID:4652
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      2⤵
      PID:2904
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
      2⤵
      PID:2616
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
      2⤵
      PID:876
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1712
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
      2⤵
      PID:1744
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
      2⤵
      PID:656
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
      2⤵
      PID:2180
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
      2⤵
      PID:4592
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11220147534132136847,11274047186411392260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5596
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:876
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4160

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 4b4f91fa1b362ba5341ecb2836438dea
    SHA1: 9561f5aabed742404d455da735259a2c6781fa07
    SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
    SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: eaa3db555ab5bc0cb364826204aad3f0
    SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
    SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
    SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
    Filesize: 27KB
    MD5: 97f07e182259f3e5f7cf67865bb1d8f0
    SHA1: 78c49303cb2a9121087a45770389ca1da03cbcdf
    SHA256: c3a70f23a2cf331852a818d3f2a0cf7f048753c9b47aa4e7f0fee234c46b226c
    SHA512: 10056ad3a71ee806a8d8aff04d513a079568bf11799016f76f27c4255be2141a4c2d99c1f46bbfde9c99ba0f8b44e780a92b59f514d3cc1c248ead915c31b5dd

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 288B
    MD5: 4c5451e5922a35ec70e464873d144c0d
    SHA1: 202894eabe8e510044304919997e794ba4696eb5
    SHA256: 364846d133948c37eb03bdd89c34f92deb752ab78678337d89edb8422c1f4461
    SHA512: f50b76022f7141678d437ad19f6f1498e3afcd2a28a503b4b5a736337cc9f13db73ff0dbe4af3b1e6848784ab28ef4eefc3a8610224c127d23d15f62bdb0ebf8

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 216B
    MD5: 53102dd797037ecc1b559114975f9b63
    SHA1: 05cdcc11e4a93988c07978469442a2d8fc165e7b
    SHA256: 8cb856781de45e1626b2b6498cc539745edf8e073e597681f8afc15c2f748a3e
    SHA512: 25e3ffd89b102454fc3b657cef9366755bd829a57d5b77fe8430cd411381f62c994acdb3ff18c934d4e2cf284db48d49dd0db0289cb04f97ca0dcaf6614ed847

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 2KB
    MD5: 1768f286661cbcdfbe96d9f371c8c060
    SHA1: 5095b80ac1891917fdd1e89d4caf08ae7d94ba09
    SHA256: 96d3a6afbe2c0eb69a7c9b491771ee3719bb3456f031ce453fad56caa4d2a958
    SHA512: 5bb60e867907cebd2100cf554909338ba0c6862a79bc5175c0b21af0406861327ff296eb5c782369a3577642389da4db2bf6f6dc4c6764af4e279b00e6845fe9

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 2KB
    MD5: 4a6903e9f8320da282babe52c1be68a9
    SHA1: 7873802f83e258097c2ec3ea8a5b1a0c010a9936
    SHA256: 49ca1b2de8cc75bc4b17bb045e8734990bbad76e6c9c6399d1e64842945a14eb
    SHA512: 08acb77a4e80d5c86a93ade5ed7712b889c5bc977db197fbbd48b8de7bea79a58e2595c0b3f0706379ad4dd50a3afae50e0c99d6cf8c9531d1ea7836ba74374d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 6b58d52fc91f388964c0bb7beee518d2
    SHA1: f5b312f4ab3d31d1cfd665c8ac994701f1b3e393
    SHA256: b982b65d5619947c117a99bdc5ef2845defa2af3183caaec6fd498b3487e9cfd
    SHA512: caff2452d72f719a853fdc5fd04b9b678c39554d89323efce2a9c74b656515de03f1af305c9f04529ed82fe1a251f8dc5461667a67291185d98605df7e657f97

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: a1542141fca92cca67f10f3ddc4b3f82
    SHA1: 2abed7eb87df7b8654660dfd9d404592b600a609
    SHA256: 9639596dd9c4774f28bdd0668da4a56ab3c6b7c480962bc318914849f2bec627
    SHA512: 587bb0b0101a5273345387d185b7ff1d1cd10107eb0c31530ff434f856779009fb1f78039242603231ee4c0a6d41e11dcd70b02d36e017fb0ef917b50fdc41c2

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 5416f57076b755837d79876af7bcd305
    SHA1: ffb854d2677301454e9fc29ba9991ad5c27ef482
    SHA256: ff30a43908e78e4659e3e09d8ae065b0c8d199050713685df04ba52b892f1f58
    SHA512: b4429ba7314d2ce5fc2225e6fe8ce191c2a0f72832d2182d7fa445fcfebd145d1de65340c0ec449920a3d966192a371b8fa18812c80913f90be76c97f0c5b556

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 98ca9f720811f6324ea703e16fe1aee0
    SHA1: de5eac0283275f9830837b5413c6614f43e1a865
    SHA256: ab66eea9cfbb51a3d3c62171406e53ce289be80c3160094144e2a2d2b52267d8
    SHA512: 1a82f15c5a2e989ad6afc62b9c92865e48488d4f7b38543e59aa71e8ef4c56c4e2dc42d0ea200b1ba5841bf3add985d32d08fa09e14d5f6d226a1cc5b7552629

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 2d3f570cdd85a8fe86473a50cdc6b031
    SHA1: 6bc5deb13635072fa697d8553db4d15ecc01d982
    SHA256: ebf388579e9c6c72181a74e75f119ccf358d2594bc3e0e84fc321b603d4621cc
    SHA512: 8110e93f23b7bc82e96c0258cf7970be4e186e848781c9655d5370317eaabca2e1a40cafcca49749f86a50a90acb782ffcec547451ea94d8e158c0a14b9036b0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 872B
    MD5: c205c03cba3ca9fa0693315ff67511d3
    SHA1: 4eec638f20ab77a8e9383bda2c75da0ec9149a6b
    SHA256: e93bbe7d229050215c4fa9d173fc41c876be18d8dcc900409429e23f953499ba
    SHA512: 0af6350160978630227c657debd28d045bd871927a453959e2f082c4e65bc8581e28fc87f6069df6c3fbb92e97360333672e82215ad795531daab2f23098101f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581de3.TMP
    Filesize: 705B
    MD5: 1f722eac79f1afa9f84c2bdcd9913724
    SHA1: 0c3dd7e1ae3515b205fa114708131935035a2f30
    SHA256: 68bf689283631f27d5e3eda4b9ff055872403f71bc97e180844673880c413a51
    SHA512: 08af63bc976deae1fe744b20d349bcdf2222a8e44224ca49467bdc0b972bb579979cceaf9a939bd00e894034b1d1767fd2f99febf0affae31dfd2ac45de4e698

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: d2e6c8bdcaa968a859db4794d27b6054
    SHA1: 41fc6c6620083c05c2570bff7b53eca55c059af5
    SHA256: fcb1bd8581aeb0fa4693b2d1ca8801f19be50c07f99a5be4d19f8829fa658be9
    SHA512: b4a429a16336a25615193419e35a290c816619b63d9d277cd881501a26321a3e8f56b66dd784e6bb55456eaedba3391569c24a2c9470ed611e1a8b2ac2707bd1